Step 1 – Download all the necessary certificates (your Server Certificate and the Intermediate Certificates) from your customer area or from the order completion email provided by your CA.

Now copy them to the directory on your server where you intend to store your key files and certificates. Please ensure to make them readable by root only.

Step 2 – Now find the Apache config file – usually titled "httpd.conf". Generally it is found in /etc/httpd, though it may differ in certain variations of Apache. In the file you may find the <VirtualHost> block in one of the following locations:

At the bottom of the httpd.conf files.

In a file called 'ssl.conf'

In their own files under a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/.

You will want to open the files in a text editor until you locate the <VirtualHost> block.

Step 3 – You will need a virtual host for both the HTTPS and HTTP protocol if you want your website to be accessible with both, secure (https) and non-secure (http) connections. As described in step 4, make a copy of the existing non-secure virtual host and then configure it for HTTPS (SSL).

If you want your website to be exclusively accessible securely via HTTPS, you can configure the existing virtual host for SSL (as described in step 4)

Step 4 – In this step, configure the <VirtualHost> block for the SSL-enabled site. Proceed by un-commenting the following line (by removing the hash '#') from the 'httpd.conffile #Include conf/extras/httpd-ssl.conf', which has most of the SSL-related settings configured out of the box. All you have to do is point the VirtualHost settings to your certificate files, directories and website.

Here is an illustration of a virtual host configured for your SSL certificate:

In the above example, all the parts highlighted in bold are to be added for SSL configuration. Also, to match your file names, you need to adjust the following file names:

'SSLCertificateFile' is the certificate file for your server (e.g. your_domain_name.crt)

'SSLCertificateKeyFile' is the private key that you generated while creating the CSR

'SSLCertificateChainFile' is the intermediate certificate(s) file provided by your CA. If you have multiple Intermediates, some servers may require you to concatenate the files into one. If this file does not work, try using 'SSLCACertificateFile'.

Step 5 – Please make sure you re-check all your Apache config files for any errors as the server will not start again if it has some syntax errors in it. Run the following command to check your Apache server: 'apachectl configtest'.

Step 6 – Conclude the process by restarting the Apache server. Use the following 'apachectl'commands to start/stop with SSL support:

apachectl start

apachectl stop

Please note, if the 'apachectl start' command fails to work, you can also try using the command 'apachectl startssl' instead. We suggest you to adjust the 'start up configuration' of apache to include the SSL support in the regular 'apachectl start' command, if you find your SSL support loading only with the help of this command. Otherwise, your server may need you to manually restart Apache with the command 'apachectl startssl' during server re-boot, which typically involves the removal of the <IfDefineSSL> and </IfDefine> that enclose your SSL configuration.

Troubleshooting

If you receive a warning message that reads "not trusted", you need to check if it indeed is the certificate you just configured. If it is, then it's likely your 'SSLCertificateChainFile' has not correctly configured and you are missing some Intermediate Certificates.

If you do not see the expected certificate then you might have another SSL <VirtualHost> block before the one you configured recently. Unless you use the same certificate for all virtual hosts like Wildcard or UC certificate, name-based virtual hosts are not possible with https.

World's Leading Provider of Website Security Solutions

Buy SSL

Check out our unbeatable
pricing. Browse over 80 of
the most trusted certs in the industry.Shop Now

SSL Assistance

Our SSL experts are
available 24/7/365 via email,
live chat, and telephone.Get Help

SSL Tools

FREE tools available to
our customers and resellers to
help with common SSL issues.Use Our Tools